PushBullet notifications suddenly stopped working

[bogr]

Hey!

All of a sudden, without me making any changes or updates the PushBullet notifications stopped working, with the log showing:

Code: Select all

[2023-08-26 18:47:19.753] [I] [core] NotificationPushbullet: SSL peer certificate or SSH remote key was not OK

Started sometime around June, but I haven't noticed until now.
Checking the code and doing a curl call with the appropriate request params according to the code, the call actually works

Code: Select all

curl -X POST -d '{"title":"the_title:", "type":"note"}' -H "Access-Token:the_access_token" -H "Content-Type:application/json" https://api.pushbullet.com/v2/pushes

Can't understand why it doesn't work when the call is made from the PushBullet app in z-way? Any ideas?

[bogr]

I really can't get this. I've tried

Code: Select all

sudo update-ca-certificates

and in the code setting

Code: Select all

verify: false,

and

Code: Select all

validate_cert: false,

on the request, but nothing works.

I've even tried doing the curl inside system, in the code

Code: Select all

system('curl...')

which actually worked.

Thought it had something to do with some expired cert but I don't get it. Any ideas on how to at least debug this issue?

[seattleneil]

The problem you're encountering has an explanation.

The PushBullet app relies on a custom JavaScript engine that Z-Way developers have extended by adding support for http requests (among other enhancements). I'm pretty sure the code for the JavaScript engine's http request is contained in file /opt/z-way-server/modules/modhttp.so. Making the equivalent http request using the curl command relies on completely different code and libraries. Specifically, Z-Way's http request uses library /usr/lib/arm-linux-gnueabihf/libcurl-gnutls.so.4.7.0 and the curl command uses library /usr/lib/arm-linux-gnueabihf/libcurl.so.4.7.0.

To see the difference, I suggest using tcpdump to capture the packets to/from api.pushbullet.com. Something like the following:

Code: Select all

# tcpdump -i eth0 -n -v -w /tmp/pushbullet.pcap host api.pushbullet.com

Next, transfer the file /tmp/pushbullet.pcap to a computer where wireshark has been installed and open the file using wireshark. This will allow you to see the packets being exchanged. The frustrating part is that although you'll see the problem, I don't think you'll be able to fix the problem yourself. My guess is that the certificate used by api.pushbullet.com is malformed in some way and libcurl-gnutls.so.4.7.0 treats the certificate as a fatal error, while libcurl.so.4.7.0 treats the api.pushbullet.com certificate differently.

If you really want to use PushBullet for notifications, I suggest you modify the index.js for the app and change the url to http://127.0.0.1:8000/pushbutton.py. Next, run a python webserver on port 8000 with cgi-bin enabled (/usr/bin/python3 -m http.server --cgi 8000) and create a file cgi-bin/pushbutton.py to read the content data. Something like the following:

Code: Select all

data = ""

if int(os.environ.get('CONTENT_LENGTH', 0)) != 0:

    for i in range(int(os.environ.get('CONTENT_LENGTH', 0))):
        data += sys.stdin.read(1)
 

Once you have the data from the hacked pushbutton app via the python web server in the pushbutton.py file, you can use the curl command to api.pushbullet.com.

Yeah, it's a workaround. For what it's worth, I try to avoid adding unnecessary complexity to Z-Way processing by moving functionality to a local python cgi script.

[bogr]

Great answer and detailed clarification! Makes perfect sense.

I actually noticed that I have an older version of the libs, 4.5.0, so maybe an upgrade might solve the problem, will check.
Otherwise I'll consider which of the python vs system(curl) solution is "better". Both have of course pros and cons.
Thanks a lot!